You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Joseph Witt (JIRA)" <ji...@apache.org> on 2018/08/10 18:38:00 UTC
[jira] [Commented] (NIFI-5508) Support disabling wantClientAuth
when running behind a reverse proxy.
[ https://issues.apache.org/jira/browse/NIFI-5508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16576706#comment-16576706 ]
Joseph Witt commented on NIFI-5508:
-----------------------------------
there is a PR under NIFI-5506 accidentally. Will comment on the PR.
> Support disabling wantClientAuth when running behind a reverse proxy.
> ---------------------------------------------------------------------
>
> Key: NIFI-5508
> URL: https://issues.apache.org/jira/browse/NIFI-5508
> Project: Apache NiFi
> Issue Type: Bug
> Components: Security
> Affects Versions: 1.7.0, 1.7.1
> Environment: Reverse Proxy & trying to use other credential provider when the reverse proxy provides a client certificate itself.
> Reporter: Curtis W Ruck
> Priority: Major
> Labels: rever
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> As discussed on mailing list.
> JettyServer always calls either setNeedClientAuth(true) or setWantClientAuth(true).
> When used with a reverse proxy that has a client certificate, it is impossible currently to use other credential providers as the X509 authentication takes precedence.
> Adding the ability to disable wantClientAuth via a NiFi property would enable the ability to leverage existing SSO solutions behind a reverse proxy.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)